Medium severity6.1NVD Advisory· Published Mar 15, 2017· Updated Jun 17, 2026
CVE-2016-7103
CVE-2016-7103
Description
Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
jquery-uinpm | < 1.12.0 | 1.12.0 |
jquery-ui-railsRubyGems | < 6.0.0 | 6.0.0 |
org.webjars.npm:jquery-uiMaven | < 1.12.0 | 1.12.0 |
jQuery.UI.CombinedNuGet | < 1.12.0 | 1.12.0 |
Affected products
27- cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:*Range: <19.1
cpe:2.3:a:oracle:business_intelligence:12.2.1.3.0:*:*:*:enterprise:*:*:*+ 1 more
- cpe:2.3:a:oracle:business_intelligence:12.2.1.3.0:*:*:*:enterprise:*:*:*
- cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:enterprise:*:*:*
- cpe:2.3:a:oracle:hospitality_cruise_fleet_management:9.0.11:*:*:*:*:*:*:*
cpe:2.3:a:oracle:oss_support_tools:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:oracle:oss_support_tools:*:*:*:*:*:*:*:*range: <2.12.42
- cpe:2.3:a:oracle:oss_support_tools:2.12.42:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*Range: >=16.0,<=16.2
- cpe:2.3:a:oracle:siebel_ui_framework:*:*:*:*:*:*:*:*Range: <=21.2
cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:21.2:-:*:*:*:*:*:*
- ghsa-coords6 versionspkg:gem/jquery-ui-railspkg:maven/org.webjars.npm/jquery-uipkg:npm/jquery-uipkg:nuget/jquery.ui.combinedpkg:rpm/opensuse/python-XStatic-jquery-ui&distro=openSUSE%20Tumbleweedpkg:rpm/suse/python-XStatic-jquery-ui&distro=SUSE%20OpenStack%20Cloud%207
< 6.0.0+ 5 more
- (no CPE)range: < 6.0.0
- (no CPE)range: < 1.12.0
- (no CPE)range: < 1.12.0
- (no CPE)range: < 1.12.0
- (no CPE)range: < 1.13.0.1-1.15
- (no CPE)range: < 1.11.0.1-2.3.1
Patches
Vulnerability mechanics
References
47- www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.htmlnvdPatchThird Party AdvisoryWEB
- github.com/jquery/jquery-ui/commit/9644e7bae9116edaf8d37c5b38cb32b892f10ff6nvdPatchThird Party AdvisoryWEB
- www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlnvdPatchThird Party AdvisoryWEB
- www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlnvdPatchThird Party AdvisoryWEB
- www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.htmlnvdPatchThird Party AdvisoryWEB
- github.com/jquery/api.jqueryui.com/issues/281nvdExploitIssue TrackingPatchThird Party AdvisoryWEB
- rhn.redhat.com/errata/RHSA-2016-2932.htmlnvdThird Party AdvisoryWEB
- rhn.redhat.com/errata/RHSA-2016-2933.htmlnvdThird Party AdvisoryWEB
- rhn.redhat.com/errata/RHSA-2017-0161.htmlnvdThird Party AdvisoryVDB EntryWEB
- www.securityfocus.com/bid/104823nvdBroken LinkThird Party AdvisoryVDB Entry
- github.com/advisories/GHSA-hpcf-8vf9-q4gjghsaADVISORY
- jqueryui.com/changelog/1.12.0/nvdRelease NotesVendor Advisory
- lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3EnvdMailing ListThird Party AdvisoryWEB
- lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3EnvdMailing ListThird Party AdvisoryWEB
- lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3EnvdMailing ListThird Party AdvisoryWEB
- lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3EnvdMailing ListThird Party AdvisoryWEB
- lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3EnvdMailing ListThird Party AdvisoryWEB
- lists.debian.org/debian-lts-announce/2022/01/msg00014.htmlnvdMailing ListThird Party AdvisoryWEB
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E2I4UHPIW26FIALH7GGZ3IYUUA53VOOJ/nvdMailing ListThird Party Advisory
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3/nvdMailing ListThird Party Advisory
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4/nvdMailing ListThird Party Advisory
- nodesecurity.io/advisories/127nvdThird Party Advisory
- nvd.nist.gov/vuln/detail/CVE-2016-7103ghsaADVISORY
- security.netapp.com/advisory/ntap-20190416-0007/nvdThird Party Advisory
- www.drupal.org/sa-core-2022-002nvdThird Party AdvisoryWEB
- www.oracle.com//security-alerts/cpujul2021.htmlnvdThird Party AdvisoryWEB
- www.oracle.com/security-alerts/cpuApr2021.htmlnvdThird Party AdvisoryWEB
- www.oracle.com/security-alerts/cpuapr2020.htmlnvdThird Party AdvisoryWEB
- www.oracle.com/security-alerts/cpujan2022.htmlnvdThird Party AdvisoryWEB
- www.tenable.com/security/tns-2016-19nvdThird Party Advisory
- github.com/jquery-ui-rails/jquery-ui-rails/commit/d504a40538fe5f7998439ad2f8fc5c4a1f843f1cghsaWEB
- github.com/jquery/jquery-ui/pull/1622ghsaWEB
- github.com/rubysec/ruby-advisory-db/blob/master/gems/jquery-ui-rails/CVE-2016-7103.ymlghsaWEB
- jqueryui.com/changelog/1.12.0ghsaWEB
- lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3EghsaWEB
- lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3EghsaWEB
- lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6@%3Ccommits.roller.apache.org%3EghsaWEB
- lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3EghsaWEB
- lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3EghsaWEB
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E2I4UHPIW26FIALH7GGZ3IYUUA53VOOJghsaWEB
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3ghsaWEB
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4ghsaWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E2I4UHPIW26FIALH7GGZ3IYUUA53VOOJghsaWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3ghsaWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4ghsaWEB
- security.netapp.com/advisory/ntap-20190416-0007ghsaWEB
- web.archive.org/web/20200227030100/http://www.securityfocus.com/bid/104823ghsaWEB
News mentions
0No linked articles in our index yet.